PDF Basket
Threats to cybersecurity are constantly evolving, which means cryptographic solutions must evolve too. To keep internet users safe online, there is a high demand for sophisticated cryptographic solutions tailored to their specific needs.
“Unfortunately, because these solutions were often plagued by design flaws and prone to errors, many became the target of some high-profile attacks,” says Karthikeyan Bhargavan, research director at France’s National Institute for Research in Digital Science and Technology (Inria).
A specialist in securing data exchange on the internet, Bhargavan saw an opportunity to fill this security gap. With the support of the EU-funded Circus project, his team set out to build a new security verification framework capable of identifying and eliminating entire classes of cyberthreats.
The outcome of this effort was award-winning research that contributed to the design of the Transport Layer Security standard known as TLS 1.3. This set of cryptographic protocols, now used by nearly every major browser, allows applications to communicate across the internet securely.
The Circus project, in collaboration with Microsoft Research and CMU, also built HACL*, the first formally verified, high-performance library of cryptographic algorithms.
From the lab to the marketplace
With these two critical solutions in hand, internet companies such as Mozilla, Linux and Microsoft soon sought out the team, but as a research project, Circus wasn’t set up to deliver commercial solutions.
With support from the European Research Council, Bhargavan launched the CRYSPEN project. “Our goal was to establish a company that will take all the research developed during the Circus project and turn it into commercially viable, ready-to-use, verified cryptographic solutions,” he explains.
The company, also called Cryspen, is dedicated to building the formal verification tools and mathematically proven software solutions companies need to gain confidence in their security-critical systems.
“One of our key differentiators is that we not only help companies transition away from their legacy cryptographic solutions but do so using a research-backed approach that ensures everything we deliver is provably correct and verifiably secure,” adds Bhargavan.
Three years later, the company’s portfolio includes contracts with high-profile internet companies, along with smaller companies, including those working within the world of internet privacy and cryptocurrencies.
Working behind the scenes
Although you probably are not aware of it, there is a good chance you are benefiting from a Cryspen solution – perhaps even now as you are reading this article. “Our software and the standards we contribute to are behind the scenes, working to keep you safe,” notes Bhargavan.
In addition to protecting most web browsers, Cryspen’s work is also keeping messaging services secure. That’s because the company contributed to the new Messaging Layer Security (MLS) standard.
“Cryspen builds award-winning software that can help companies embrace the new MLS standard and integrate it securely into their technology stack,” explains Bhargavan.
While the standard is already being used by the likes of Cisco, Matrix and Wire, Bhargavan believes most major messaging services will soon have no choice but to start using the open MLS protocol. “With new regulations like the Digital Markets Act, companies have to embrace interoperability, especially when it comes to communications and messaging,” he remarks.
Evolving to meet the changing cybersecurity threat
According to Bhargavan, the next big evolution is post-quantum cryptography. “As the threat of quantum computing grows, businesses and organisations need to start planning for the post-quantum transition,” adds Bhargavan. “This means migrating their processes and applications to use post-quantum cryptography, which is resistant to attacks by quantum computers.”
Luckily, thanks to EU funding, these businesses and organisations will be able to rely on the research-based, guaranteed solutions offered by Cryspen.